New year's resolution for IoT vendors: Start treating LANs as hostile

If your router offers the option to create virtual LANs (VLANs) use this feature to isolate your IoT devices in their own network segment and join your computer or phone to that network only when you need to manage them. Many IoT devices can be managed through cloud-based services so aside from the initial set-up you don't even need to access them over the local network.

If your router allows you to create a guest Wi-Fi network you can use that as a VLAN alternative for your IoT devices. A guest network is typically isolated from the main network and only provides Internet access to the devices connected to it. If you decide to do this, don't use that same guest Wi-Fi network for people who visit your home.

Companies should monitor their networks for newly connected devices all the time so they can immediately remove those that haven't been authorized. Approved IoT devices should be placed behind internal firewalls with strong access policies so they can't be attacked by other computers on the network.